Implement nested multi-paper backup #3212

issue leo-bogert openend this issue on November 6, 2013
  1. leo-bogert commented at 5:26 am on November 6, 2013: none

    By “paper backup” I mean what is commonly associated with it:

    • To be able to print out the private keys of a wallet, in both human readable and computer readable format
    • To include the public keys in human readable and computer readable format, so you can quickly check whether the paper still holds value.
    • To be able to import the backup easily.

    By “multi” I mean something similar to “encrypted” or “N-factor authentication”:

    • The backup should consist of multiple sheets. It should only be possible to spend the Bitcoins if you have ALL of the sheets. This allows you to keep the backup safe from physical theft by splitting it to different locations.
    • Ideally, the amount of sheets should be freely configurable.
    • It can be implemented by having a long password for the wallet which is split into equal-sized parts and each sheet containing only one part. This allows the user to destroy one sheet and instead memorize the password which was on it. Then you effectively have an encrypted paper backup as a bonus feature.

    By “nested” I mean something to provide plausible deniability:

    • It would be useful to not disclose the number of sheets on each sheet. Then an attacker cannot quickly tell whether he has all of them, and might quit searching for more.
    • To prevent the attacker from being able to determine whether he has all sheets, make each sheet represent a complete Bitcoin address, including private key. Fund that address with a decoy amount of Bitcoins.
    • Put the random seed used to generate the decoy address on each sheet. But also generate a “primary” Bitcoin address whose public/private keys are NOT mentioned on the sheets.
    • Instead, the primary key is generated by concatenating the random seeds used for generating the decoy addresses of all sheets. Put 90% of the money into the primary address.
    • So ALL of the sheets combined would generate the “actual” address which holds the most amount of coins. But the attacker would stop trying to search more sheets once he has found one, because it DOES hold money. Just not all of it.
    • This could even be raised to a higher level: For each possible N out of M combinations of the sheets, also generate a decoy primary address which holds a little amount of Bitcoins. If the attacker believes that you had used the nesting feature and harasses you to hand out the remaining sheets, you can plausibly claim having given all of them to him, while you only revealed part of the whole.

    Even if the nesting is not implemented at first, I think at least the multi-sheet part is absolutely critical. One of the core advantages of Bitcoin surely is that they cannot be physically stolen because you can encrypt them. This is voided with physical paper backup which isn’t split into multiple sheets.

    You might argue that paper backup doesn’t have to be implemented in Bitcoin-Qt because Bitcoin-Armory already supports it somehow. I think backup really should be a core feature of the reference Bitcoin client because it is a core advantage of Bitcoin. You cannot backup dollars. You can backup Bitcoins.

    Please make the reference Bitcoin client more useful for the very paranoid.

    [Off-topic PS: I’m greedy and proud of the nesting idea, make me happy: 14EpAnasbwpeRH55mQZKX8GjZRnY6DCNsQ :) Admins please mail me if donation requests are not allowed, I will remove it then.]

  2. luke-jr commented at 5:31 am on November 6, 2013: member
    Depends on HD wallets.
  3. laanwj commented at 8:17 am on November 6, 2013: member
    Paper backup would be nice. But it indeed depends on HD wallets, otherwise you keep printing new backups…
  4. laanwj added the label Wallet on May 2, 2014
  5. laanwj added the label Feature on Jan 29, 2016
  6. laanwj removed the label Refactoring on Jan 29, 2016
  7. laanwj commented at 11:28 am on April 28, 2016: member
    Related: #2692 Bitcoin-QT grandfather - father - son wallet backup built in?
  8. Bushstar referenced this in commit d475f17bc2 on Apr 8, 2020
  9. MarcoFalke commented at 8:06 pm on April 24, 2020: member

    HD wallets are now a thing.

    I think backup protocols can be implemented outside of Bitcoin Core. If it is somehow required that Bitcoin Core does the work of the backup or printing sheets of papers, a pull request would be needed to make progress here. Closing for now.

  10. MarcoFalke closed this on Apr 24, 2020
  11. pox commented at 3:08 am on December 10, 2020: contributor

    Sorry for excavating this ancient issue, but now that HD wallet are a thing, is there a way to create a paper/metal backup of wallets?

    dumpwallet produces a file that’s too large to write down by hand, realistically.

    The hd seed is, from what I gather, something that could be used later with sethdseed on a new wallet to regenerate the same keys, but would this work on a cold machine (without blocks/headers)? I’m getting a “can’t do this before IBD finishes” error when trying this method on 0.20.1, so I’m assuming no one is really using this method.

    Sorry again if this isn’t the proper forum to ask theses sort of question, in which case I’d be happy to post elsewhere if you could point me in the right direction. I’m trying to design a cold wallet solution using core just as a wallet (no inet) and got stuck…

  12. DrahtBot locked this on Feb 15, 2022


leo-bogert luke-jr laanwj MarcoFalke pox

Labels
Feature Wallet

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-03 10:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me